PatchSiren cyber security CVE debrief
CVE-2026-58030 Wikimedia Foundation CVE debrief
The CVE-2026-58030 vulnerability is an Improper Neutralization of Input During Web Page Generation (XSS) issue affecting Mediawiki SyntaxHighlight_GeSHi. This vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. It impacts versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. Users of these versions should review and apply patches to prevent XSS attacks. The vulnerability is associated with program files includes/SyntaxHighlight.Php.
- Vendor
- Wikimedia Foundation
- Product
- SyntaxHighlight_GeSHi
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-01
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-01
- Advisory updated
- 2026-07-09
Who should care
Users of Mediawiki SyntaxHighlight_GeSHi versions before 1.46.0, 1.45.4, 1.44.6, 1.43.9 should review and apply patches to prevent XSS attacks. This includes administrators and security teams responsible for maintaining Mediawiki installations with SyntaxHighlight_GeSHi. They should assess their exposure, apply vendor guidance, and monitor for suspicious activity.
Technical summary
CVE-2026-58030 is an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in Mediawiki SyntaxHighlight_GeSHi. The issue affects SyntaxHighlight_GeSHi versions from before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. This issue arises from the lack of proper input sanitization, allowing attackers to inject malicious scripts. Users of affected versions must apply patches to mitigate this vulnerability.
Defensive priority
Medium priority due to the CVSS score and potential impact of XSS attacks.
Recommended defensive actions
- Review and apply patches for Mediawiki SyntaxHighlight_GeSHi versions before 1.46.0, 1.45.4, 1.44.6, 1.43.9
- Implement input validation and sanitization for user-supplied data
- Monitor for suspicious activity and implement compensating controls
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, affected versions, and CVSS score. However, further analysis is needed to determine the full scope of the vulnerability and potential impact. The evidence is based on the CVE record and NVD detail, which may have limitations in their analysis. Defenders should verify the vulnerability's impact on their specific environment and review the official advisories for further guidance.
Official resources
-
CVE-2026-58030 CVE record
CVE.org
-
CVE-2026-58030 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc - Permissions Required
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T16:16:50.310Z and has not been modified since then.